[openstack-dev] [openstack-ansible] To NTP, or not to NTP, that is the question
Jesse Pretorius
jesse.pretorius at gmail.com
Mon Sep 21 14:11:25 UTC 2015
On 18 September 2015 at 14:03, Major Hayden <major at mhtx.net> wrote:
> Hey there,
>
> I start working on a bug[1] last night about adding a managed NTP
> configuration to openstack-ansible hosts. My patch[2] gets chrony up and
> running with configurable NTP servers, but I'm still struggling to meet the
> "Proposal" section of the bug where the author has asked for non-infra
> physical nodes to get their time from the infra nodes. I can't figure out
> how to make it work for AIO builds when one physical host is part of all of
> the groups. ;)
>
> I'd argue that time synchronization is critical for a few areas:
>
> 1) Security/auditing when comparing logs
> 2) Troubleshooting when comparing logs
> 3) I've been told swift is time-sensitive
> 4) MySQL/Galera don't like time drift
>
> However, there's a strong argument that this should be done by deployers,
> and not via openstack-ansible. I'm still *very* new to the project and I'd
> like to hear some feedback from other folks.
>
> [1] https://bugs.launchpad.net/openstack-ansible/+bug/1413018
> [2] https://review.openstack.org/#/c/225006/
We have historically taken the stance of leaving something like this as a
deployer concern - much like setting up host networking and setting host
repositories. That said, there's value in opinionation based on best
practices learned from hard-won lessons in the trenches.
I'm somewhat on the fence with this. As-is I don't think the review should
go in. That said, I'd be more open to an individual role being used to
implement an appropriate network time configuration - whether that role be
something that exists within Ansible Galaxy, or whether it's a new role in
the current repository, or as its own repository in the OpenStack-Ansible
'big tent' as proposed in https://review.openstack.org/213779
I do definitely think that there's value in preparing some documentation
which will help prospective deployers understand how they can consume roles
from Ansible Galaxy (or some role in an arbitrary repository) to solve
common problems like this. The tooling is already in the OpenStack-Ansible
repository, so all it needs is a guiding document which describes how to
use it.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150921/95e00b0c/attachment.html>
More information about the OpenStack-dev
mailing list